Apple app opens new world of biometric banking

After painstakingly typing a password to download every Angry Birds update, Apple iPhone users got a break with the latest 5s model’s fingerprint scanner. The addition could mark a turning point for biometric security technology, long a subject of concern to privacy advocates.

Called Touch ID, it makes the smartphones less susceptible to theft or misuse, and owners are lapping it up, according to Apple. Company research shows that 83% use a fingerprint scan to unlock their 5s phones, compared with fewer than half who previously bothered to secure their devices with passwords. Banks such as Bank of America, with 15 million active mobile accounts, may use the technology in future iPhone applications.

This month, Apple laid out plans to open up Touch ID to app developers when it releases a new mobile operating system by fall. Ultimately, that may let iPhone users skip passwords with the press of a finger to enter secure areas such as bank accounts. But with privacy breaches so frequent, adding biometric identifiers to the online ecosystem has some experts wondering how banks and other organizations will collect, store, transmit and exploit those data.

“Because you can’t change it like you can with a credit card number or password,” biometric data differ from routinely collected personal information, says Jennifer Lynch, a senior Electronic Frontier Foundation lawyer in San Francisco who writes about biometrics and privacy. “We need to push companies and the government to put policies into place that regulate collection and storage of biometric data.”

Still, biometric systems are also available for Samsung Android smartphones, and Apple’s move to let third-party developers’ use its system may touch off a scramble by banks and financial services companies to employ the technology.

“Coming from Apple, Touch ID will go a long way to boost the concept of biometrics,” says David Penn, a researcher at Seattle-based Finovate Group, which focuses on banking. “If anybody can bring the banks along, it might be Apple.”

The ease of use provided by Apple’s smartphones helps make them popular, and fingerprint scanning offers relief from typing passwords that some consumers welcome.

“I have to constantly enter a complex password many times a day,” says Darryl Bates, a television editor in Los Angeles. “If I could replace that with a fingerprint scan, it would be much more convenient.”

The Touch ID system captures a user’s fingerprint on the phone, employing the image to unlock a keychain of stored logins and passwords that provide authentication for various applications, according to Apple. So if the system opens a secure bank site, neither the financial institution nor Apple has access to the fingerprint involved. That information stays on the phone.

While some Samsung phones use a fingerprint scanner to enter PayPal accounts, and Bank of America may be interested in Touch ID technology, concerns remain about protecting personal information.

“You only have one set of biometric data, and we need to decide, as an industry, how to make sure that biometrics are introduced correctly,” says Anuj Nayar, PayPal’s senior director of global initiatives.

Hackers have already defeated Touch ID security. Chaos Computer Club members in Europe tricked a 5s sensor using a photograph of a print on glass to create a fake finger.

“It is far too easy to make fake fingers out of lifted prints,” Frank Rieger, a club spokesman, said last year in disclosing the hack.

Biometric identity verification isn’t new in banking and finance.

In Brazil, South Africa, India, France and other countries, banks have experimented with and used fingerprint scanners on automated teller machines since the 1990s. Some U.S. banks use scanners for safe-deposit boxes. Securities-trading terminals operated by Bloomberg LP have for years required a fingerprint to log into the system. Vanguard Group is among companies that verify customer identification with voice-print technology.

Equal parts of enthusiasm and skepticism have greeted biometric technology. In South Africa, an ATM maker reassured all concerned that thieves couldn’t use severed fingers to access accounts, because its scanners could detect whether a finger was “alive.”

Industry leaders say such worries will subside over the next several years, helped by the new smartphones.

“As the use of personal devices with biometric scanners increase,” mobile-to-ATM interactions will grow, says Frank Natoli, chief innovation officer at Diebold, which made thousands of ATMs that employ the technique in Brazil. “This will allow for more widespread adoption and acceptance of biometrics technology at the ATM.”

Lynch, the EFF lawyer, worries about shortsighted consumers who delight in the convenience and ignore privacy concerns.

“There’s a lot of research on humans’ inability to assess risk, like people afraid to fly in an airplane but not to drive a car,” she says. “We all find ways to trade off short-term benefits for long-term risks.”

NerdWallet is a USA TODAY content partner providing general news, commentary and coverage from around the Web. Its content is produced independently of USA TODAY.